Configuring the SDN

Overview

The OpenShift SDN enables
communication between pods across the OpenShift cluster, establishing a pod
network. Two SDN plug-ins
are currently available (ovs-subnet and ovs-multitenant), which provide
different methods for configuring the pod network.

For initial quick installations, the ovs-subnet plug-in is installed and
configured by default, and can be reconfigured post-installation.

Configuring the Pod Network on Masters

Cluster administrators can control pod network settings on masters by modifying
parameters in the networkConfig section of the
master configuration file
(located at /etc/origin/master/master-config.yaml by default):

networkPluginName: set to redhat/openshift-ovs-subnet for the ovs-subnet
plug-in or redhat/openshift-ovs-multitenant for the ovs-multitenant plug-in.

serviceNetworkCIDR: service IP allocation for the cluster.

The serviceNetworkCIDR and hostSubnetLength values cannot be changed
after the cluster is first created, and clusterNetworkCIDR can only be
changed to be a larger network that still contains the original network. For
example, given the default value of 10.1.0.0/16, you could change
clusterNetworkCIDR to 10.0.0.0/15 (i.e., 10.0.0.0/16 plus 10.1.0.0/16)
but not to 10.2.0.0/16, because that does not overlap the original value.
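The change rules above can be checked before a master configuration file is edited. The following is an added example, not part of the OpenShift documentation or code base: it assumes the networkConfig values have already been read into dictionaries, and the hostSubnetLength and serviceNetworkCIDR values shown are constructed samples.

```python
import ipaddress

VALID_PLUGINS = {"redhat/openshift-ovs-subnet", "redhat/openshift-ovs-multitenant"}
IMMUTABLE_KEYS = ("serviceNetworkCIDR", "hostSubnetLength")

# Constructed sample of a master's current networkConfig values.
# clusterNetworkCIDR is the default named above; the rest are assumed.
CURRENT = {
    "clusterNetworkCIDR": "10.1.0.0/16",
    "hostSubnetLength": 8,
    "networkPluginName": "redhat/openshift-ovs-subnet",
    "serviceNetworkCIDR": "172.30.0.0/16",
}


def validate_network_change(current, proposed):
    """Return rule violations for a proposed edit; an empty list means allowed."""
    problems = []
    for key in IMMUTABLE_KEYS:
        if current[key] != proposed[key]:
            problems.append(f"{key} cannot be changed after cluster creation")
    if proposed["networkPluginName"] not in VALID_PLUGINS:
        problems.append("networkPluginName is not a known SDN plug-in")
    try:
        # strict=True rejects CIDRs with host bits set, such as 10.1.0.0/15.
        old_net = ipaddress.ip_network(current["clusterNetworkCIDR"], strict=True)
        new_net = ipaddress.ip_network(proposed["clusterNetworkCIDR"], strict=True)
    except ValueError as exc:
        problems.append(f"invalid clusterNetworkCIDR: {exc}")
        return problems
    # The new network must contain the original one (equal counts as unchanged).
    if old_net.version != new_net.version or not old_net.subnet_of(new_net):
        problems.append(f"clusterNetworkCIDR {new_net} does not contain original {old_net}")
    return problems


def propose(**changes):
    """Validate CURRENT with the given keys overridden."""
    return validate_network_change(CURRENT, {**CURRENT, **changes})


if __name__ == "__main__":
    for cidr in ("10.0.0.0/15", "10.2.0.0/16", "10.1.0.0/15"):
        print(cidr, propose(clusterNetworkCIDR=cidr) or "ok")
```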

Configuring the Pod Network on Nodes

Cluster administrators can control pod network settings on nodes by modifying
parameters in the networkConfig section of the
node configuration file
(located at /etc/origin/node/node-config.yaml by default):

networkPluginName: set to redhat/openshift-ovs-subnet for the ovs-subnet
plug-in or redhat/openshift-ovs-multitenant for the ovs-multitenant plug-in.

Migrating Between SDN Plug-ins

If you are already using one SDN plug-in and want to switch to another:

1. Change the networkPluginName parameter on all masters and nodes in their
   configuration files.

2. Restart the atomic-openshift-master service on masters and the
   atomic-openshift-node service on nodes.

When switching from the ovs-subnet to the ovs-multitenant plug-in, all the
existing projects in the cluster will be fully isolated (assigned unique VNIDs).
Cluster administrators can choose to modify
the project networks using the administrator CLI.

External Access to the Cluster Network

If a host that is external to OpenShift requires access to the cluster network,
you have two options:

1. Configure the host as an OpenShift node but mark it unschedulable so that
   the master does not schedule containers on it.

2. Create a tunnel between your host and a host that is on the cluster network.